dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #32899
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16733: use POST request for updating password, PUT request with form data can cause issues on certain co...
------------------------------------------------------------
revno: 16733
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2014-09-17 14:03:32 +0700
message:
use POST request for updating password, PUT request with form data can cause issues on certain containers (tomcat) and should not be used.
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java
dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java 2014-09-17 06:15:25 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java 2014-09-17 07:03:32 +0000
@@ -441,7 +441,7 @@
ContextUtils.createdResponse( response, "Account created", null );
}
- @RequestMapping( method = RequestMethod.PUT )
+ @RequestMapping( value = "/password", method = RequestMethod.POST )
public void updatePassword(
@RequestParam String oldPassword,
@RequestParam String password,
=== modified file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js 2013-12-19 11:50:58 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js 2014-09-17 07:03:32 +0000
@@ -59,9 +59,9 @@
$( "#submitButton" ).attr( "disabled", "disabled" );
$.ajax( {
- url: '../../api/account',
+ url: '../../api/account/password',
data: $( "#accountForm" ).serialize(),
- type: 'put',
+ type: 'POST',
success: function( data ) {
window.location.href = "../../dhis-web-commons-about/redirect.action";
},
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-09-09 23:57:34 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-09-17 07:03:32 +0000
@@ -52,6 +52,7 @@
<sec:intercept-url pattern="/api/account/username" access="permitAll()" />
<sec:intercept-url pattern="/api/account/recovery" access="permitAll()" />
<sec:intercept-url pattern="/api/account/restore" access="permitAll()" />
+ <sec:intercept-url pattern="/api/account/password" access="permitAll()" />
<sec:intercept-url pattern="/api/account" access="permitAll()" />
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />